Tightening up login_hint and id_token requirements to cater for two scenarios.
Ralph Bragg
Branch: RaidiamRalph/fapi-2:RaidiamRalph/tightening-up-login_hint-and-id_token-re-1520868370390
Branch: openid/fapi:master
Merged pull request
Merged in RaidiamRalph/fapi-2/RaidiamRalph/tightening-up-login_hint-and-id_token-re-1520868370390 (pull request #52)
Tightening up login_hint and id_token requirements to cater for two scenarios.
Initial engagement where a Subject needs to identify itself to a TPP with a bank-provided identifier. This identifier should be non-static and non-deterministic to minimize the ability for bad actors to spam or trigger invalid requests.
Subsequent client engagements can then use an id_token_hint to identify the subject. This allows TPPs to be responsible for initial subject identification, i.e. linking a Bank Identifier to a "club card" etc.
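One way a bank could issue the non-static, non-deterministic identifier described for the initial engagement, as an added example that is not part of the pull request or the FAPI text. The class name, the 300-second lifetime and the single-use rule are assumptions made for illustration.

```python
import secrets
import time


class LoginHintIssuer:
    """Hypothetical bank-side store of ephemeral login_hint values."""

    def __init__(self, ttl_seconds=300, clock=time.time):
        self._ttl = ttl_seconds          # assumed lifetime, not from the spec
        self._clock = clock
        self._pending = {}               # hint -> (subject, expires_at)

    def issue(self, subject):
        # CSPRNG output: the hint reveals nothing about the subject and
        # cannot be derived from an account number or a previous hint.
        hint = secrets.token_urlsafe(16)
        self._pending[hint] = (subject, self._clock() + self._ttl)
        return hint

    def redeem(self, hint):
        # pop() makes the hint single use, so a captured value cannot be
        # replayed to trigger further requests against the same subject.
        entry = self._pending.pop(hint, None)
        if entry is None:
            return None
        subject, expires_at = entry
        if self._clock() > expires_at:
            return None
        return subject


def demo():
    """Run the issue/redeem cycle with a constructed subject and fake clock."""
    now = [1000.0]
    issuer = LoginHintIssuer(ttl_seconds=300, clock=lambda: now[0])
    first = issuer.issue("subject-123")    # constructed sample subject
    second = issuer.issue("subject-123")
    results = {
        "distinct": first != second,               # non-static per issue
        "redeem": issuer.redeem(first),            # valid hint resolves
        "replay": issuer.redeem(first),            # second use rejected
        "guess": issuer.redeem("subject-123"),     # static id is not a hint
    }
    now[0] += 301                                  # move past the lifetime
    results["expired"] = issuer.redeem(second)
    return results


if __name__ == "__main__":
    print(demo())
```
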